Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Double Patenting
The nonstatutory double patenting rejection is based on a judicially created doctrine grounded in public policy (a policy reflected in the statute) so as to prevent the unjustified or improper timewise extension of the “right to exclude” granted by a patent and to prevent possible harassment by multiple assignees. A nonstatutory double patenting rejection is appropriate where the conflicting claims are not identical, but at least one examined application claim is not patentably distinct from the reference claim(s) because the examined application claim is either anticipated by, or would have been obvious over, the reference claim(s). See, e.g., In re Berg, 140 F.3d 1428, 46 USPQ2d 1226 (Fed. Cir. 1998); In re Goodman, 11 F.3d 1046, 29 USPQ2d 2010 (Fed. Cir. 1993); In re Longi, 759 F.2d 887, 225 USPQ 645 (Fed. Cir. 1985); In re Van Ornum, 686 F.2d 937, 214 USPQ 761 (CCPA 1982); In re Vogel, 422 F.2d 438, 164 USPQ 619 (CCPA 1970); In re Thorington, 418 F.2d 528, 163 USPQ 644 (CCPA 1969).
A timely filed terminal disclaimer in compliance with 37 CFR 1.321(c) or 1.321(d) may be used to overcome an actual or provisional rejection based on nonstatutory double patenting provided the reference application or patent either is shown to be commonly owned with the examined application, or claims an invention made as a result of activities undertaken within the scope of a joint research agreement. See MPEP § 717.02 for applications subject to examination under the first inventor to file et seq. for applications not subject to examination under the first inventor to file provisions of the AIA . A terminal disclaimer must be signed in compliance with 37 CFR 1.321(b). 
The USPTO Internet website contains terminal disclaimer forms which may be used. Please visit www.uspto.gov/patent/patents-forms. The filing date of the application in which the form is filed determines what form (e.g., PTO/SB/25, PTO/SB/26, PTO/AIA /25, or PTO/AIA /26) should be used. A web-based eTerminal Disclaimer may be filled out completely online using web-screens. An eTerminal Disclaimer that meets all requirements is auto-processed and approved immediately upon submission. For more information about eTerminal Disclaimers, refer to www.uspto.gov/patents/process/file/efs/guidance/eTD-info-I.jsp.
Claims 1-20 are rejected on the ground of nonstatutory double patenting as being unpatentable over claims 1-20 of U.S. Patent No. 10528725. Although the claims at issue are not identical, they are not patentably distinct from each other because the current claims contain fewer limitations than the parent and it would have been obvious to one of ordinary skill in the art before the effective filing date of the invention to remove limitations and the results would be predictable.


Claim Rejections - 35 USC § 102
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless –




Claim(s) 1-5, 7-16 is/are rejected under 35 U.S.C. 102(a)(1) as being anticipated  by Zou (US 2016/0212099).

Regarding Claim 1,

Zou teaches an apparatus for Internet of Things (loT) security, comprising: 
an loT hub including one or more devices (Figure 2, 208, 206 teaches hub, 204-1, 204-N teaches IoT devices), the devices including at least one memory adapted to store run-time data for the devices, and at least one processor that is adapted to execute processor-executable code that (Paragraph [0031] teaches processor, memory), in response to execution, enables the IoT hub to perform actions, including: 
generating a configurable IoT device model (Paragraph [0047] generate device profile); 
storing a set of security rules that are associated with an expected condition of at least one IoT device (Fig. 1, 1102, 1104, wherein normal behavior is “expected condition”); 
receiving loT data associated with the at least one IoT device in response to a determination, by the at least one IoT device, that a threshold for one or more of types of data has been exceeded, wherein the IoT data is aggregated data that includes at least two different types of data (Figure 11, 1104, 1112)(Paragraph [0098-0099] teaches time data, source data); 
making a determination, based on the IoT data and on the IoT device model, as to whether the set of security rules has been violated (Figure 11, 1112);
(Figure 11, 1108)(Paragraph [0100] “alerting a user).

Regarding Claim 2,

Zou teaches the apparatus of claim 1, the actions further including: receiving a configuration request; and adjusting the set of security rules based on the configuration request (Figure 9, 910 and associated text)

Regarding Claim 3,

Zou teaches the apparatus of claim 1, wherein the IoT data is received from a data collection agent deployed on the at least one IoT device (Paragraph [0046] teaches temperature reading from a thermometer).

Regarding Claim 4,

Zou teaches the apparatus of claim 1, wherein the at least one IoT device includes a plurality of loT devices, and wherein the IoT data is received from data collection agents deployed on the plurality of loT devices (Figure 2, 204-1, 204-N).

Regarding Claim 5,

Zou teaches the apparatus of claim 1, wherein the set of security rules include at least one of a whitelist of processes and a blacklist of processes (Paragraph [0061] teaches blacklist of web browsing application process).

Regarding Claim 7,

Zou teaches the apparatus of claim 1, wherein the IoT data is aggregated from multiple IoT devices including the at least one IoT device (Paragraph [0024] teaches IoT devices in a residence).

Regarding Claim 8,

Zou teaches the apparatus of claim 1, wherein the aggregated data of the IoT data includes environmental data and internal state data (Paragraph [0048] teaches temperature and time data)

Regarding Claim 9,

Zou teaches the apparatus of claim 8, wherein the environmental data includes at least one of temperature, humidity, sensed location, or geolocation (Paragraph [0048] teaches temperature).

Regarding Claim 10,

Zou teaches the apparatus of claim 8, wherein the internal data includes at least one of operating system version, a current state of active processes, open ports, or information associated with devices connected to the at least one IoT device (Paragraph [0048] teaches time data).

Regarding Claim 11,

Zou teaches the apparatus of claim 1, wherein the set of security rules are such that violation of the set of security rules indicates at least a possibility of an attack, wherein the attack is at least at least one of a physical attack or a cyber attack on the at least one IoT device (Paragraph [0104] teaches third party attempting to attack)

Regarding Claim 12,

Zou teaches the apparatus of claim 11, selectively sending the alert based on the determination further includes selectively sending information about the attack with the alert (Paragraph [0104])

Regarding Claim 13,

Claim 13 is similar in scope to Claim 1 and is rejected under a similar rationale.

Regarding Claims 14-15,

Claims 14-15 are similar in scope to Claims 4, 8 and are rejected under a similar rationale.


Regarding Claim 16,

Zou teaches the method of claim 13, further comprising: receiving a configuration request; and adjusting the configurable IoT device model based on the configuration request (Paragraph [0078-0079] teaches model can be updated based on configuration request).



Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.


Claim 6 is/are rejected under 35 U.S.C. 103 as being unpatentable over Zou in view of Radocchia (US 2016/0358184).

Regarding Claim 6,

Zou teaches the apparatus of claim 1, but does not explicitly teach wherein the lol data includes a state of a tampering switch on the at least one Id device.

Radocchia (US 2016/0358184) teaches the lol data includes a state of a tampering switch on the at least one loT device. (Paragraph [0024-0025] leaches detecting tampering in an ioT device)

It would have been obvious to one of ordinary skill in the art before the effective filing date of the invention to modify Zou with Radocchia 

The motivation is determining if tampering has occurred.


Claims 17-20 is/are rejected under 35 U.S.C. 103 as being unpatentable over Zou in view of Chen (US 2017/0235783)


Regarding Claim 17,

Zou teaches a device, comprising: a memory and a processor, wherein the memory and the processor are respectively configured to store and execute instructions for causing the device to perform operations for Internet of Things (loT) security, the operations comprising: 
generating a configuration request, wherein the configuration request is a request to change a set of security rules to an adjusted set of security rules (Figure 9, 910 and associated text), wherein the adjusted set of security rules is associated with an expected condition of at least one IoT device (Fig. 1, 1102, 1104, wherein normal behavior is “expected condition”);, wherein the adjusted set of security rules is based upon an assessment of loT data associated with each of a plurality of loT devices, and wherein the IoT data is aggregated data that includes at least two different types of data from the plurality of loT devices (Figure 11, 1104, 1112)(Paragraph [0098-0099] teaches time data, source data);  sending the configuration request to an loT hub; and receiving an alert from the IoT hub upon the IoT hub making a determination that the adjusted set of security rules has been violated (Figure 11, 1112) (Figure 11, 1108)(Paragraph [0100] “alerting a user).


Zou does not explicitly teach that the applying the adjusted set of security rules is based on a combination of at least two different types of data from at least two of the plurality of loT devices considered together

Chen (US 2017/0235783) teaches a combination of at least two different types of data from at least two of the plurality of loT devices considered together (Figure 8, 810 ,820, and Paragraph [0066] teaches receiving at least two different types of data from at least two IoT devices considered together) 

It would have been obvious to one of ordinary skill in the art before the effective filing date of the invention to modify Zou with the rule based on a combination of different types of data of a plurality of devices considered tougher

The motivation is to provide a higher performance and scalable rule execution in an IoT system (Paragraph [0012] of Chen)

Regarding Claim 18,

Zou and Chen teaches the device of claim 17. Chen teaches wherein the adjusted set of security rules are based upon an assessment of loT data associated with the at least one IoT device such that the at least one IoT device is a plurality of loT devices (Figure 8, 810, 820 and associated text)

Regarding Claim 19,

Zou and Chen teaches the device of claim 17. Zou teaches wherein the aggregated data of the IoT data includes environmental data and internal data (Paragraph [0048] teaches temperature and time data).

Regarding Claim 20,

Zou and Chen teaches the device of claim 19. Zou teaches wherein the environmental data includes at least one of temperature, humidity, sensed location, or geolocation, and wherein the internal data includes at least one of operating system version, a current state of active processes, open ports, or information associated with devices connected to the at least one IoT device (Paragraph [0048])

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to HARRIS C WANG whose telephone number is (571)270-1462.  The examiner can normally be reached on M-F 9:00-5:30.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, LUU PHAM can be reached on 571-270-5002.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see https://ppair-my.uspto.gov/pair/PrivatePair. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.






/HARRIS C WANG/Primary Examiner, Art Unit 2439